forked from wagov/wasocshared
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 12 changed files with 246 additions and 10 deletions.
29 changes: 29 additions & 0 deletions
docs/advisories/20241025001-Cisco-Critical-Vulnerabilities.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
# Cisco Addresses Critical Vulnerabilities - 20241025001 | ||
|
||
## Overview | ||
|
||
The WA SOC has been made aware to critical vulnerabilities affecting Cisco systems that could enable an authenticated remote attacker to execute operating system commands with root privileges. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| --------------------------------------------- | -------------------------- | ----------------------------------------------------------------- | ---- | ------------ | | ||
| Cisco Secure Firewall Management Center (FMC) | all versions \<= 7.4.2 | [CVE-2024-20424](https://nvd.nist.gov/vuln/detail/CVE-2024-20424) | 9.9 | **Critical** | | ||
| Cisco Adaptive Security Appliance (ASA) | all versions \<= 9.18.3.56 | [CVE-2024-20329](https://nvd.nist.gov/vuln/detail/CVE-2024-20329) | 9.9 | **Critical** | | ||
| Cisco Firepower Threat Defense (FTD) | all versions \<= 7.4.1.1 | [CVE-2024-20412](https://nvd.nist.gov/vuln/detail/CVE-2024-20412) | 9.3 | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Cisco advisory CVE-2024-20424: <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssh-rce-gRAuPEUF> | ||
- Cisco advisory CVE-2024-20329: <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7> | ||
- Cisco advisory CVE-2024-20412: <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5> | ||
|
||
## Additional References | ||
|
||
- Security Affairs article: <https://securityaffairs.com/170203/breaking-news/cisco-fixed-tens-of-vulnerabilities-including-actively-exploited-one.html> |
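
Review bot: The CVE labels on the Cisco advisory links under Recommendation disagree with the table. The table assigns CVE-2024-20424 to FMC and CVE-2024-20329 to ASA, but the CVE-2024-20424 bullet links to `cisco-sa-asa-ssh-rce-gRAuPEUF` and the CVE-2024-20329 bullet links to `cisco-sa-fmc-cmd-inj-v3AWDqN7`. Check each CVE against its vendor advisory and correct whichever side is wrong, so that an administrator patching ASA is not working from the FMC row. In the Overview, "made aware to" should read "made aware of".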
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# New ICS Advisories - 20241028001 | ||
|
||
## Overview | ||
|
||
Rockwell and Siemens have released advisories for critical vulnerabilities in their Industrial Control Systems (ICS) products. | ||
|
||
## What is vulnerable? | ||
|
||
| Vendor | Advisory | | ||
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | | ||
| Rockwell Automation | [SD 1708 - ThinManager Multiple Vulnerabilities](https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html) | | ||
| Siemens | [SSA-333468: Multiple Vulnerabilities in InterMesh Subscriber Devices](https://cert-portal.siemens.com/productcert/html/ssa-333468.html) | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. |
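
Review bot: The Overview calls these critical vulnerabilities, but the table under "What is vulnerable?" carries only vendor and advisory title, with no CVE, CVSS or severity column, so the rating cannot be checked from the advisory itself. Add at least the highest-scoring CVE per row, in the column layout the product advisories in this commit use. The "What has been observed?" section those advisories carry is also absent here; include it or drop it deliberately across all ICS advisories.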
25 changes: 25 additions & 0 deletions
docs/advisories/20241029001-Progress-WhatsUp-Critical-Update.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Progress WhatsUp Critical Update - 20241029001 | ||
|
||
## Overview | ||
|
||
The WA SOC has been made aware about a critical vulnerability in certain WhatsUp Gold versions, having an Authentication Bypass issue which allows an attacker to obtain encrypted user credentials. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------- | ---------------------------- | --------------------------------------------------------------- | ---- | ------------ | | ||
| WhatsUp Gold | All versions before 2024.0.0 | [CVE-2024-7763](https://nvd.nist.gov/vuln/detail/CVE-2024-7763) | 9.8 | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Progress: <https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024> | ||
|
||
## Additional References | ||
|
||
- SecurityOnline: <https://securityonline.info/whatsup-gold-users-beware-critical-authentication-bypass-flaw-exposed-cve-2024-7763-cvss-9-8/> |
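
Review bot: The Overview sentence is hard to parse ("made aware about a critical vulnerability in certain WhatsUp Gold versions, having an Authentication Bypass issue"). Suggested wording: "The WA SOC has been made aware of a critical authentication bypass vulnerability in WhatsUp Gold that allows an attacker to obtain encrypted user credentials." The linked vendor bulletin is titled August 2024 while this advisory is numbered 20241029001, so it would help to state when the fixed version was released.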
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# Apple Critical Update - 20241030001 | ||
|
||
## Overview | ||
|
||
Apple has released updates for multiple products. The WA SOC has been made aware of some vulnerabilities being classified as critical. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------- | -------------------- | ----------------------------------------------------------------- | ---- | ------------ | | ||
| iOS and iPadOS | all versions \< 18.1 | [CVE-2024-40867](https://nvd.nist.gov/vuln/detail/CVE-2024-40867) | 9.6 | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Apple October iOS and iPadOS 18.1 Release Notes: <https://support.apple.com/en-us/121563> | ||
- Apple Security Realses Overview: <https://support.apple.com/en-us/100100> | ||
|
||
## Additional References | ||
|
||
- SecurityOnline article: <https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2024-121> |
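
Review bot: In Additional References the bullet is labelled "SecurityOnline article" but its URL is on www.cisecurity.org; relabel it to match the source. In Recommendation, "Realses" should be "Releases". The Overview speaks of "some vulnerabilities" being critical while the table lists only CVE-2024-40867 for iOS and iPadOS; either list the others or narrow the Overview to the one CVE.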
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# QNAP Zero-Day Vulnerability - 20241030002 | ||
|
||
## Overview | ||
|
||
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------------ | ------------------ | ----------------------------------------------------------------- | ---- | ------------ | | ||
| HBS 3 Hybrid Backup Sync | 25.1 \< 25.1.1.673 | [CVE-2024-50388](https://nvd.nist.gov/vuln/detail/CVE-2024-50388) | TBA | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- QNAP: <https://www.qnap.com/en-us/security-advisory/qsa-24-41> | ||
|
||
## Additional References | ||
|
||
- Tenable: <https://www.tenable.com/cve/CVE-2024-50388> |
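
Review bot: The table rates CVE-2024-50388 as **Critical** while the CVSS cell is "TBA", so the severity has no stated basis; name the source of the rating or mark the severity as pending as well. The Version cell "25.1 \< 25.1.1.673" is ambiguous; "25.1.x before 25.1.1.673" reads unambiguously. The title says "Zero-Day" but nothing in the body explains why the term applies.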
25 changes: 25 additions & 0 deletions
docs/advisories/20241030003-Spring-Webflux-Vulnerability.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Spring WebFlux Critical Advisory - 20241030003 | ||
|
||
## Overview | ||
|
||
Spring Security have disclosed an vulnerability that enables an “authorisation bypass of static resources in WebFlux applications” under specific conditions. If exploited, this vulnerability could potentially allow unauthorized access to static resources, undermining application security. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------- | ---------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---- | ------------ | | ||
| Spring WebFlux | 5.7.0 - 5.7.12 <br> 5.8.0 - 5.8.14 <br> 6.0.0 - 6.0.12 <br> 6.1.0 - 6.1.10 <br> 6.2.0 - 6.2.6 <br> 6.3.0 - 6.3.3 | [CVE-2024-38821](https://nvd.nist.gov/vuln/detail/CVE-2024-38821) | 9.1 | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Spring: <https://spring.io/security/cve-2024-38821> | ||
|
||
## Additional References | ||
|
||
- SecurityOnline: <https://securityonline.info/cve-2024-38821-cvss-9-1-allows-authorization-bypass-in-webflux-applications/> |
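
Review bot: The Overview attributes the disclosure to Spring Security, but the Product cell says "Spring WebFlux" and does not name the library whose versions 5.7.0 to 6.3.3 are listed. Put the component that carries these version numbers in the Product cell so readers check the right dependency in their builds. The Recommendation's "all affected devices" does not fit an application library; "all affected applications" would. In the Overview, "an vulnerability" should be "a vulnerability", and the spelling alternates between "authorisation" and "unauthorized".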
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# New ICS Advisories - 20241030004 | ||
|
||
## Overview | ||
|
||
CISA have released advisories for critical vulnerabilities relating to Industrial Control Systems (ICS) products. | ||
|
||
## What is vulnerable? | ||
|
||
| Vendor | | ||
| ----------------- | | ||
| Siemens | | ||
| Solar-Log | | ||
| Delta Electronics | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. | ||
|
||
- CISA: <https://www.cisa.gov/news-events/alerts/2024/10/29/cisa-releases-three-industrial-control-systems-advisories> |
25 changes: 25 additions & 0 deletions
docs/advisories/20241031001-Google-Chrome-Critical-Updates.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Google Chrome Critical Updates - 20241031001 | ||
|
||
## Overview | ||
|
||
Google has released a new stable channel update for their Chrome browser addressing multiple vulnerabilities. Successful exploitation could allow a remote attacker to perform malicious activity via a crafted HTML page. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Affected Version(s) | CVE | CVSS | Severity | | ||
| ------------------- | -------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------------------------ | | ||
| Google Chrome | All versions below 130.0.6723.92 | [CVE-2024-10487](https://nvd.nist.gov/vuln/detail/CVE-2024-10487) <br> [CVE-2024-10488](https://nvd.nist.gov/vuln/detail/CVE-2024-10488) | 9.8 <br> 9.8 | **Critical** <br> **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- Google: <https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html> | ||
|
||
## Additional References | ||
|
||
- SecurityOnline article: <https://securityonline.info/new-chrome-security-patch-targets-critical-cve-2024-10487-10488-flaws-update-immediately/> |
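
Review bot: "perform malicious activity" in the Overview does not tell the reader what the impact is; state the impact class given for CVE-2024-10487 and CVE-2024-10488 in the linked sources. The vendor link is the "stable-channel-update-for-desktop" post, so the Product cell should say whether "Google Chrome" here means desktop builds only.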
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# IBM Critical Update - 20241031002 | ||
|
||
## Overview | ||
|
||
A critical vulnerability has been identified in IBM Power Systems servers. The IBM Flexible Service Processor (FSP) contains static credentials that could enable network users to obtain service privileges on the FSP. | ||
|
||
## What is vulnerable? | ||
|
||
| Product(s) Affected | Version(s) | CVE | CVSS | Severity | | ||
| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---- | ------------ | | ||
| IBM Flexible Service Processor | FW1060.00 - FW1060.10 <br> FW1050.00 - FW1050.21 <br> FW1030.00 - FW1030.61 <br> FW950.00 - FW950.C0 <br> FW860.00 - FW860.B3 | [CVE-2024-45656](https://nvd.nist.gov/vuln/detail/CVE-2024-45656) | 9.8 | **Critical** | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *48 hours...* (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- IBM: <https://www.ibm.com/support/pages/node/7174183> |
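
Review bot: In the Recommendation line the timeframe is written "*48 hours...*" with a trailing ellipsis inside the emphasis, which reads like an unfinished template placeholder; the WhatsUp Gold advisory in this commit uses "*48 hours*". Use the same form here and in the other advisories that share the line. "within expected timeframe" also needs an article: "within the expected timeframe".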
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
# New ICS Advisories - 20241101002 | ||
|
||
## Overview | ||
|
||
CISA have released advisories for critical vulnerabilities relating to Industrial Control Systems (ICS) products. | ||
|
||
## What is vulnerable? | ||
|
||
| Vendor | | ||
| ------------------- | | ||
| Rockwell Automation | | ||
| Mitsubishi Electric | | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators review relevant advisories and apply the recommended actions to all affected devices. | ||
|
||
- CISA: <https://www.cisa.gov/news-events/alerts/2024/10/31/cisa-releases-four-industrial-control-systems-advisories> |
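
Review bot: The CISA link at the end of the file refers to four ICS advisories in its URL, but the table lists two vendors and no advisory identifiers, so a reader cannot tell which four advisories are meant. List each advisory with its title per vendor, as the 20241028001 advisory in this commit does. The link is also appended to Recommendation as a bare bullet; introduce it or move it under a references heading.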